I have two computers on the domain that cannot connect and cannot logon to the domain or local computer either using the persons account or the Admin account.

The error I get is:
"The local policy of this system does not permit you to logon interactively"

I cannot manage the computers from computer management.
I cannot figure this one out!

In domain security policy:
log on locally - Account Operators,Administrators,Authenticated Users,Server Operators,Users

Deny logon locally - not defined

In local security policy:
Log on locally - Authenticated Users,WESTHILLS\TsInternetUser,WESTHILLS\Guest,Use rs,Power Users,Backup Operators, Administrators, WESTHILLS\IUSR_SERVER Account Operators,Administrators,Authenticated Users,Backup Operators,IUSR_SERVER,Print Operators,Server Operators,TsInternetUser,Users

Deny logon locally - nothing


With the second one i get an error trying to logon (locally / domain) that the domain controller cannot be found.

I have had nightmares with configuring this sort of thing as policies can override the ones you thought were set properly.

A good start is to activate the 'Resultant set of Policy' snap-in in the MMC. It is under 'Help' in the MMC or more info on the Tools for Troubleshooting (http://tinyurl.com/3evej) Microsft page, which leads to this specifically about the Resultant set of policy:

microsoft Application and Service tools (http://tinyurl.com/6zm6x)

Make sure terminal services is running in the services list for the second computer.

Big thing was that I could not access either computer from MMC console from any computer on the network.

What I did that finally fixed the problem:

One computer I was able to use Windows Repair and the command:
copy c:\windows\repair\security c:\windows\system32\config\security

This allowed me to logon to the computer and rejoin the domain - problem fixed.

I tried this on the second computer but it was kicking me out at the command prompt saying my password was wrong.

So then I tried the ntrights command:
-m \\computer -u username +r SeInteractiveLogonRight

That did not work either.
So my last resort was just to format the computer and start over.
One thing I noticed was this last computer had SP2 on it. The Devils Code if you ask me.

I had another machine freak out with SP2 and I had to reformat it.

Hope this may help anyone else if they come across this problem.

If you run setup, eg, boot from the CD and pick 'New installation' instead of repair(which gives the recovery console). Then F8, then it examines your disk.

You get asked again if you want to install or repair - this time choose repair.

It runs like a fresh install including asking for a new admin password and network set-up.

All your settings and installed programs are preserved, only windows updates are lost - and your SAM and services settings. They are all returned to default - all settings are.

I have used this to fix all kinds of problems from corrupted registry (usually works) and bad Windows drivers.
But, XP is not easy to get into, is it? No going DOS and retrieving .dat files.

----------------

Another note: I have the SP2 integrated into my WINXPVOL_EN and use it to install. Don't know if this would make a difference though. I only have Word, Excell, and Access 2003 so not much to conflict with SP2 here.

This is what I did:
http://www.theeldergeek.com/slipstreamed_xpsp2_cd.htm

Makes about 550 Mb disk, lot's of room for extra utilities.